Search This Blog

Stuff people encrypt ....

This week on the Introduction to Cyber Security MOOC (hosted on Futurelearn), the topic is cryptography. Learners are having fun figuring out how Alice and Bob communicate while keeping their messages secure from Eve - and sharing some funny xkcd.com cartoons in the process. One of the exercises we set was to use a PGP mail tool (Mailvelope) to sign and encrypt an email sent to a mailbox we set up specifically for the MOOC. I have a mail rule that invokes a simple script to strip out the PGP message text, decrypt it and send it back to the learner in an email.

Although many people have successfully completed the task, there is a general consensus that routinely encrypting emails is unlikely to be adopted by most people. The hurdles identified by people range from the impracticality of getting other people to use crypto in their communications, to the challenge of configuring the crypto tools and their general (lack of) usability. It seems that Whitten and Tygar's findings on "Why Johnny Can't Encrypt" and Sheng et al's research on "Why Johny Still Can't Encrypt" continue to hold true.

It has also been interesting to check out the types of messages that learners are choosing to encrypt and send to us. Many of them are along the lines of "This is a test message", but there also seems to be a significant proclivity towards "This is my secret message, please don't steal it". However, the outlier by a long distance was the learner who encrypted and sent in the complete lyric to "Barbie Girl" by Aqua!

Comments

Post a Comment

Popular Posts

There is a proliferation of devices being developed to form the building blocks of the Internet of Things (IoT), from Internet-connected power sockets and light bulbs to kettles, toasters and washing machines. However, to realise the full potential of the IoT, it will be necessary to allow these devices to interconnect and share data with each other to deliver the functionalities required by end-users. In recent research on end-user programming for the IoT, my colleagues Pierre Akiki, Yijun Yu and myself have proposed the notion of Visual Simple Transformations (ViSiT), that provides a visual programming paradigm for users to wire together IoT devices. The video above shows a demonstration of the ViSiT solution and full details of the approach will appear in an upcoming special issue of the ACM Transactions on Computer-Human Interaction (ToCHI).

IOT-2016 7-9 September, 2016, Stuttgart, Germany from Charith Perera
Recent DDoS attacks on key internet services, like the attack that affected the Dyn domain name service, highlighted the security challenges associated with the proliferation of insecure Internet of Things (IoT) systems. This attack exploited common vulnerabilities like the use of default administration passwords on IoT devices such as internet-enabled CCTV cameras, internet-enabled appliances and smart home devices, to recruit over hundreds of thousands of nodes into a botnet. This capability highlights the cyber security threats associated with the IoT and brings into sharp relief the importance of considering both security and privacy when designing these systems.

In recent work, presented at the Internet of Things Conference, we describe a privacy-by-design framework for assessing the privacy capabilities of IoT applications and platforms. Building on more general design strategies for privacy in informaiton …

UPDATE: Exciting opportunities to join the team for this research project - we have vacancies for a Software Engineering post-doc: http://www.open.ac.uk/about/employment/vacancies/post-doctoral-research-associate-15086and a Research Software Engineer: http://www.open.ac.uk/about/employment/vacancies/research-software-engineer-15085
I am excited to learn that our bid to undertake a new EPSRC funded research project, "Citizen Forensics" has been successful. The project sits at the intersection of software engineering, psychology, policing and power/politics/economics, exploring the use of technology to improve collaboration between citizens and the police. I will be leading the project, which will involve my colleagues Blaine Price, Bashar Nuseibeh, Graham Pike (OU Psychology / Centre for Policing Research & Learning), Mark Levine (Psychology Exeter) and Peter Bloom (OU Faculty of Business & Law).

A key challenge of the project is to investigate how adaptive software…